Mikko Hypponen 

CRO, F-Secure 






twitter.com/mikko 



Protecting the irreplaceable | f-secure.com 







Mob. Mac. Mil. 






The Three Main Sources of Cyber Attacks 



Criminals 



Hacktivists



Governments 








Online Criminals 







www.youtube.com/watch?v=ySdaJbgG5gc

Gwapo's Professional DDOS Service ( Take down websites for long term )

Gwapologist, 4 videos

16,778 views

Uploaded by Gwapologist on Jan 4, 2012

Service Website : http://www.ddosservice.org/

Email Us - [address illegible]

456 likes, 110 dislikes

Related videos:

DDoS Attack Tools, by ArborNetworks, 7,774 views

How To DDOS Runescape by, by CrisizRS, 10,134 views

How to do a DOS attack using LOIC, by renzadude, 41,490 views

Anonymous DDos Attack, by KHOFACHpaltalk, 65,870 views

How to Ddos IP or URL (BEST WAY), by DomTheChosenOne, 25,517 views

How to make a Ping of Death attack., by bobbyprculovski, 59,821 views


http://drashippingco.com/

OUR LOCATIONS

CONTACTS US

Apply for the courier position to receive parcels ordered by our clients worldwide at your address. Get paid for every parcel you receive!

You will receive up to 25 parcels weekly, we will ask you to send them to us within 1-2 days. You will receive pre-paid labels for every parcel you send out.

ALL YOUR PERSONAL FILES WERE ENCRYPTED
WITH A STRONG ALGORYTHM RSA-1024
AND YOU CAN'T GET AN ACCESS TO THEM
WITHOUT MAKING OF WHAT WE NEED!

READ "HOW TO DECRYPT" TXT-FILE
ON YOUR DESKTOP FOR DETAILS

JUST DO IT AS FAST AS YOU CAN!

REMEMBER: DON'T TRY TO TELL SOMEONE
ABOUT THIS MESSAGE IF YOU WANT TO GET
YOUR FILES BACK! JUST DO ALL WE TOLD.

Attention!!!

All your personal files (photo, documents, texts, databases, certificates)
have been encrypted by a very strong cypher rsa-1024. The original files
were deleted. You can check - just look for files in all folders.

There is no possibility to decrypt these files without a special decrypt
program!. Nobody can help you - even don't try to find another method or
tell anybody. Also after n days all encrypted files will be completely
deleted and you will have no chance to get it back.

we can help to solve this task for 125$ via ukash/psc pre-paid cards.

And remember: any harmful or bad words to our side will be a reason
for ingoring your message and nothing will be done.

For details you have to send your request on this e-mail
(attach to message a full serial key shown below in this 'how to.. '
file on desktop): filemaker@safe-mail.net

Activation by SMS is not available.
Activation via the Internet is not available.

Copyright violation alert

Copyright violation: copyrighted content detected

Windows has detected that you are using content that was downloaded in violation of the copyright of its respective owners. Please read the following bulletin and try solving the problem in one of the recommended ways.

What has happened?

During the system scan Antipiracy foundation scanner has detected copyright issues. Please take a look at the list and choose an action: pass the case to a court or settle it in pre-trial order by paying a fine.

How could it happen?

You may have been using file-sharing clients, torrents or downloaded the content in question straight from the website. In any of those cases you have violated the copyright of respective owners. In most countries this kind of action is prosecuted and serious penalties are imposed. Maximum penalties can be five years in prison and up to $250,000 in fines.

copyright alliance, MPAA

A co-project by ICPP foundation

Evidence list (Show details...)

Used IPs log:

176.4.2.0
176.4.2.0
176.4.2.0

Type of violation:

p2p\warez movie download
p2p\warez games download
p2p\warez mp3 download

Antipiracy news

12/02/2010: New antipiracy measures are being taken against illegal content

26/12/2009: Antipiracy client updated: Download version 2.0 and scan your PC for illegal and spyware content (e.g. music and videos)

Choose an action

If you are sure that you can't have download that content to your PC or there was nothing you could do to avoid it, press "Pass the case to court" button and pass the case to court

If these files belong to you, but you would rather avoid all the expenses associated with settling the issue in court, you can settle your case in pre-trial order by pressing "Solve..." button

Pass the case to court

Settle case in pre-trial order

http://icpp-online.com/ - your source for copyright initiative

Enter a previously purchased license code

All rights reserved by their respective owners, 2010



Computer Crime & Intellectu...
United States Department of Ju...

Attention!

This operating system is locked due to the violation of the federal laws of the United States of America! Following violations were detected:

Your IP address is "193.110.109.30". This IP address was used to visit websites containing pornography, child pornography, zoophilia and child abuse. Your computer also contains video files with pornographic content, elements of violence and child pornography! Spam-messages with terrorist motives were also sent from your computer.

This computer lock is aimed to stop your illegal activity.

IP: 193.110.109.30

To unlock the computer you are obliged to pay a fine of $100.

You must pay the forfeit through Paysafecard:

To do this, you should enter the 16 digits resulting code (if necessary with a password) in the payment form and press OK (if you have several codes, enter them one after the other and press OK).

If an error occurs, send the codes to address surcharge@cyber-usa-police.gov

Where can I buy Paysafecard?

Paysafecard is available from 350,000 sales outlets worldwide, in the United States from IPP, epay, Precash and Blackhawk outlets.


Attention!!!

The operating system has been locked in connection with violations of the laws of the Federal Republic of Germany!

The following violation was detected: Your IP address is "193.110.109.30". This IP was used to access pages with pornographic content, child pornography, zoophilia and violence against children. Video files with pornographic content, elements of violence and child pornography were also found on your computer!

E-mails in the form of spam, with terrorist backgrounds, were also sent. This lock on the computer serves to stop your illegal activities.

IP: 193.110.109.30

Location: Finland, Helsinki
ISP: F-Secure OYJ

To lift the lock on the computer, you are obliged to pay a fine of 100 euros.

Settle the payment via Ukash:

To do so, please enter the purchased code in the payment field and then press OK (if you have several codes, simply enter them one after the other and then press OK).

If the system reports an error, you must send the code by e-mail to einzahlung@inter-bundeskriminalamt.eu

Where can I buy Ukash?

There are countless ways to purchase Ukash, e.g. in shops, at kiosks, at ATMs, online or via an e-wallet (electronic purse). Below you will find a list showing where you can purchase Ukash in your country.

Petrol stations - now also available at the following petrol stations: Agip, Avia, Esso, OMV, Q1 and Westfalen.

Epay - Buy Ukash in many thousands of supermarkets or call shops where you see this logo.

FIGURE 5: ANDROID SAMPLES RECEIVED IN Q1 2012, SORTED BY DETECTION COUNT

[c:\virus\zapftis]fsav . /archive

F-Secure Anti-Virus Command Line Scanner, version 9.20.15330

Scans files and system for malware

Copyright © 2001-2009, F-Secure Corporation

Results of virus scanning:
C:\virus\sa....exe_ Infection: Backdoor:W32/R2D2.A

Files:

Not scanned:

Result

From: Alex Gladstein <alex@oslofreedomforum.com>
To:
Cc:
Subject: An invitation to the Nobel Prize ceremony of Liu Xiaobo
Sent: Sun 11/7/2010 7:34 PM
Attachment: invitation.pdf (36 KB)

Dear Sir / Madame

I enclose a letter from Oslo Freedom Forum founder Thor Halvorssen inviting
you to join him in Oslo for the Dec. 11th Prize ceremony. Let me know if you
have any questions.

Sincerely yours,

Alex Gladstein

Vice President of Strategy

Oslo Freedom Forum

alex@oslofreedomforum.com

November 5, 2010

Dear Sir/Madame

I write to invite you to join me in Oslo at the Nobel Prize ceremony of Liu
Xiaobo. It will take place December 11th at the Oslo City Hall.

As founder and chairman of the board of the Oslo Freedom Forum (a
Norwegian human rights organization) I am inspired by the Norwegian Nobel
Committee's decision to award the peace prize to a human rights defender

I hope you can join me in Norway to celebrate human rights and the universal
message of Liu Xiaobo.

Best regards

Thor Halvorssen
President

25 February 2011

Original: English

Sixty-fifth session

Elections to fill vacancies in subsidiary organs and

Human Rights Council

Note verbale dated 16 February 2011 from the Permanent
Mission of India to the United Nations addressed to the
President of the General Assembly

The Permanent Mission of India to the United Nations presents its
compliments to the Office of the President of General Assembly and has the honour
to recall that India has presented its candidature to the Human Rights Council for

Cyber Systems Engineer 2- HBSS

Malware Analyst 3 (LIOT CJ)

NORTHROP GRUMMAN
Posted on: 2/13/12

Minimum Security Clearance

Top Secret/SCI Clearance - Top Secret

Location

Arlington, Virginia 20593

■ Workplace: Not Specified

■ Travel: Not Specified

This position is contingent upon contract award. This is an exciting opportunity to be part of Northrop Grumman
Information System's Cyber Technology & Operations team. The Malware Analyst will support a large government
contract that is at the front edge of protecting the nation's greatest information. The Malware Analyst provides
planning, policy, requirements, and operations support for DHS. Responsibilities include identification and
development of mission enhancement opportunities, reporting on evolving Cyber policy Trends and issues, and
review and evaluate cyber policy directives/documents. Conduct research that focuses on rapidly emerging cyber
threats, and the methods and processes employed by adversary employment of cyber warfare techniques, as well
as offensive capabilities. The Malware Analyst will provide support to an enhance Cyber requirements analysis and
tracking process, including highly focused studies and analyses to support development of processes for the

Cyber Software Engineer 2

NORTHROP GRUMMAN
Posted on: 5/14/12

Minimum Security Clearance
Secret Clearance - Secret

Location

Millersville, Maryland 21108

■ Workplace: Not Specified

■ Travel: Not Specified

Northrop Grumman Information Systems sector is seeking a Cyber Software Engineer 2 to join our team of
qualified, diverse individuals. This position will be located in Millersville, MD, Colorado Springs, CO, or Sacramento,
CA. This exciting and fast paced Research and Development project will plan, execute, and assess an Offensive
Cyberspace Operation (OCO) mission. This includes the integration of capabilities such as command linkages, data
flows, situational awareness (SA), and command and control (C2) tools.

Roles and Responsibilities:

* Supports the integration of applications for full spectrum Cyber Operations and simulations

* Extends existing simulation tools to include cyberspace components

* Adapts components to a common data integration framework

* Designs, develops, documents, tests and debugs applications software and systems that contain logical and
mathematical solutions, GUI components, interface adaptations, or other glue code

* Projects a friendly, positive attitude and works cooperatively in a multi-faceted environment; exhibits an ability
and desire to self-educate

Qualifications

b. Forensic analysis of Windows systems, Linux systems, and/or mobile devices.

c. Commercial, open source or GOTS tools for intrusion detection (e.g., Snort, BroIDS).

d. Packet capture/evaluation (e.g., tcpdump, ethereal/wireshark, NOSEHAIR).

e. Network mapping/discovery (e.g., nmap, TRICKLER).

f. Industry standard system/network tools (e.g., netcat, netstat, traceroute, rpcinfo, nbtscan, snmpwalk, Sysinternals suite).

g. Exploit development of Microsoft Windows operating systems

h. Exploit development of Linux operating systems

i. Exploit development of personal computer device/mobile device operating systems (e.g., Android, Blackberry, iPhone, and iPad.)

j. Software Reverse Engineering to include use of code disassemblers (e.g., IDA Pro) and debugging unknown code (e.g. Ollydbg)

k. Analysis of code in memory, including analysis of RAM snapshots, Windows crash dump files, and/or Linux kernel dumps

l. SID(S2)/NTOC analysis and production working cyber adversary intrusion set/targets, foreign network intelligence analysis or the identification and extraction of digitally transported information

(Active TS/SCI FS Polygraph required)


